This is an automated email from the ASF dual-hosted git repository.
xiangfu pushed a commit to branch new-site-dev
in repository https://gitbox.apache.org/repos/asf/pinot-site.git
The following commit(s) were added to refs/heads/new-site-dev by this push:
new 82063c9a update csp (#107)
82063c9a is described below
commit 82063c9abcdf7ef417d29b1c0671224ba12bfb6a
Author: Xiang Fu <[email protected]>
AuthorDate: Tue Apr 9 16:41:02 2024 +0800
update csp (#107)
---
app/layout.tsx | 2 +-
next.config.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/layout.tsx b/app/layout.tsx
index 962021f1..2d73406b 100644
--- a/app/layout.tsx
+++ b/app/layout.tsx
@@ -90,7 +90,7 @@ export default function RootLayout({ children }: { children:
React.ReactNode })
/>
<meta
http-equiv="Content-Security-Policy"
- content="frame-src youtube.com www.youtube.com;"
+ content="frame-src 'self' youtu.be youtube.com
*.youtube.com googlevideo.com *.googlevideo.com;"
/>
<meta name="msapplication-TileColor" content="#000000" />
<meta name="theme-color" media="(prefers-color-scheme: light)"
content="#fff" />
diff --git a/next.config.js b/next.config.js
index 62276625..cbd6797b 100644
--- a/next.config.js
+++ b/next.config.js
@@ -13,7 +13,7 @@ const ContentSecurityPolicy = `
media-src *.s3.amazonaws.com;
connect-src *;
font-src 'self';
- frame-src giscus.app www.youtube.com
+ frame-src 'self' giscus.app youtu.be youtube.com *.youtube.com
googlevideo.com *.googlevideo.com;
`;
const securityHeaders = [
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
